From fea986a841f83b6518334e680ef109e445f07d2b Mon Sep 17 00:00:00 2001
From: newtbot
Date: Wed, 31 Jan 2024 03:17:24 +0800
Subject: [PATCH] Fix file paths and add password reset functionality
---
consumerWebsite/functions/api.js | 33 ++++++++++++++++---
consumerWebsite/functions/isValid.js | 14 ++++++++-
consumerWebsite/functions/nodeMail.js | 2 +-
consumerWebsite/functions/user.js | 21 ++++++++++++-
consumerWebsite/routes/auth.js | 39 ++++++++++++++++++-----
consumerWebsite/routes/render.js | 30 +++++++++++++++++-
consumerWebsite/views/bot.ejs | 2 +-
consumerWebsite/views/checkemail.ejs | 2 ++
consumerWebsite/views/logintop.ejs | 8 ++---
consumerWebsite/views/resetpassword.ejs | 42 ++++++++++++++++++-------
consumerWebsite/views/signuplogin.ejs | 3 +-
consumerWebsite/views/top.ejs | 12 +++----
12 files changed, 169 insertions(+), 39 deletions(-)
diff --git a/consumerWebsite/functions/api.js b/consumerWebsite/functions/api.js
index 4a7a3f5..1103582 100644
--- a/consumerWebsite/functions/api.js
+++ b/consumerWebsite/functions/api.js
@@ -2,7 +2,7 @@ const { tokenModel } = require("../database/model/tokenModel.js");
const { userModel } = require("../database/model/userModel");
const { hash, compareHash } = require("./bcrypt.js");
const { generateUUID } = require("./generateUUID.js");
-const { isValid } = require("./isValid");
+const { isValid , resetIsValid } = require("./isValid");
async function getTokenByToken(token) {
const splitAuthToken = token.split("-");
@@ -53,7 +53,7 @@ async function addToken(userId, permission, isKey ,expiry) {
async function addPasswordResetToken(data , token){
let hashtoken = await hash(token);
let currentDate = new Date();
- let tokenToLive = new Date(currentDate.getTime() + 15 * 60000);
+ let tokenToLive = new Date(currentDate.getTime() + 5 * 60000);
let tokenRes = await tokenModel.create({
userid: data.id,
@@ -62,7 +62,7 @@ async function addPasswordResetToken(data , token){
isKey: "isNotKey",
expiration: tokenToLive,
});
- return true;
+ return tokenRes.id
}
async function checkToken(id) {
@@ -77,6 +77,31 @@ async function checkToken(id) {
return tokenRes;
}
+async function checkTokenByrowID(token) {
+ if (!token) return false;
+ //split
+ const splitAuthToken = token.split("-");
+ const rowid = splitAuthToken[0];
+ const suppliedToken = splitAuthToken.slice(1).join("-");
+
+ let tokenRes = await tokenModel.findByPk(rowid);
+ //console.log(tokenRes);
+
+ if (!tokenRes) return false;
+
+ if (!compareHash(suppliedToken, tokenRes.token)) return false;
-module.exports = { addToken, getTokenByToken , checkToken , addPasswordResetToken};
+ //pass tokemRes.expiration to isValid
+ if (!isValid(tokenRes.expiration)) {
+ //add boolean to token table
+ tokenRes.destroy();
+ return false;
+ }
+
+ return tokenRes;
+
+}
+
+
+module.exports = { addToken, getTokenByToken , checkToken , addPasswordResetToken , checkTokenByrowID};
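Review bot: In `checkTokenByrowID` the result of `compareHash(suppliedToken, tokenRes.token)` is not awaited. If `compareHash` returns a promise, as `hash` from the same `./bcrypt.js` module appears to (it is awaited in `addPasswordResetToken`), then `!compareHash(...)` is always false and the secret part of the token is never actually verified. The line should read `if (!(await compareHash(suppliedToken, tokenRes.token))) return false;`, and the expiry branch should use `await tokenRes.destroy();` so a failed delete is not silently dropped. `findByPk(rowid)` also does not restrict the lookup to password-reset rows; if `tokenModel` holds API or session tokens as well (not visible here), the lookup should filter on the reset-token marker. `resetIsValid` is imported at the top of the file but this function calls `isValid`; confirm which one is intended.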
diff --git a/consumerWebsite/functions/isValid.js b/consumerWebsite/functions/isValid.js
index ae39ce1..394cf16 100644
--- a/consumerWebsite/functions/isValid.js
+++ b/consumerWebsite/functions/isValid.js
@@ -11,4 +11,16 @@ function isValid(time) {
}
-module.exports = { isValid };
+//5 minutes
+function resetIsValid(time) {
+ if (
+ Math.floor(new Date(time).getTime() / 1000) <
+ Math.floor(new Date().getTime() / 1000)
+ ) {
+ return false;
+ }
+ return true;
+}
+
+
+module.exports = { isValid , resetIsValid };
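Review bot: `resetIsValid` fails open on a missing or unparseable expiration. `new Date(time).getTime()` is `NaN` in that case, `NaN < now` is false, and the function returns `true`, so a token row without a usable expiry is treated as still valid. Reject non-finite values explicitly, for example `const expiry = new Date(time).getTime();` followed by `return Number.isFinite(expiry) && expiry >= Date.now();`. The `//5 minutes` comment is misleading because the function encodes no duration and only compares the stored expiration with the current time; something like `// true while the stored expiration is still in the future` would describe it accurately.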
diff --git a/consumerWebsite/functions/nodeMail.js b/consumerWebsite/functions/nodeMail.js
index a94bde8..bde09b3 100644
--- a/consumerWebsite/functions/nodeMail.js
+++ b/consumerWebsite/functions/nodeMail.js
@@ -84,7 +84,7 @@ async function sendResetPasswordEmail(email, resetToken) {
subject: "Reset Password",
html: `
Reset Password
- Reset Password Link: Reset Password Link
+ Reset Password Link: Reset Password Link
From: Eco Saver
Kindly click on the link to reset your password!
Regards,
diff --git a/consumerWebsite/functions/user.js b/consumerWebsite/functions/user.js
index 90d05d2..42ac76f 100644
--- a/consumerWebsite/functions/user.js
+++ b/consumerWebsite/functions/user.js
@@ -163,6 +163,23 @@ async function checkEmailDetails(email) {
}
+async function resetPass(userid , data ){
+ let hashed = await hash(data.password);
+ let updateUser = await userModel.update(
+ {
+ password: hashed,
+ },
+ {
+ where: {
+ id: userid,
+ },
+ }
+ );
+ if (!updateUser) return false;
+ return true;
+
+}
+
module.exports = {
getUserByID,
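Review bot: The `if (!updateUser) return false;` check in `resetPass` probably never fires. If `userModel` is a Sequelize model (the `findByPk` and `update({...}, { where })` calls suggest so), `update` resolves to an array holding the affected-row count, and an array is truthy even when no row matched. Destructure the count instead: `const [affected] = await userModel.update(...);` then `return affected > 0;`. `data.password` is also hashed without any check that it is a non-empty string or meets the password rules used at registration, so the same validation should run before `hash` is called.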
@@ -171,5 +188,7 @@ module.exports = {
loginUser,
updateProfile,
checkEmail,
- checkEmailDetails
+ checkEmailDetails,
+ resetPass,
+
};
\ No newline at end of file
diff --git a/consumerWebsite/routes/auth.js b/consumerWebsite/routes/auth.js
index 14116b7..32f2657 100644
--- a/consumerWebsite/routes/auth.js
+++ b/consumerWebsite/routes/auth.js
@@ -3,13 +3,17 @@ const {
loginUser,
checkEmail,
checkEmailDetails,
+ resetPass,
} = require("../functions/user");
const { sendContactEmail } = require("../functions/nodeMail");
const { generateUUID } = require("../functions/generateUUID");
const { addPasswordResetToken } = require("../functions/api");
const { sendResetPasswordEmail } = require("../functions/nodeMail");
+const { checkTokenByrowID } = require("../functions/api");
+
const express = require("express");
+const { render } = require("ejs");
const router = express.Router();
// /user/register
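Review bot: `const { render } = require("ejs");` is not used in any of the visible hunks of this file and looks like an editor auto-import; drop it unless code outside the hunks needs it. The new `checkTokenByrowID` require can be merged into the existing one from the same module: `const { addPasswordResetToken, checkTokenByrowID } = require("../functions/api");`.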
@@ -91,13 +95,16 @@ router.post("/checkemail", async (req, res, next) => {
let data = await checkEmailDetails(req.body.email);
//console.log(data);
//token generation and insert into token table
- const token = await generateUUID();
+ let token = await generateUUID();
let tokenRes = await addPasswordResetToken(data, token);
//email user with temp token link
if (!tokenRes) return false;
+ //apend table id to token
+ token = tokenRes + "-" + token;
+
//email logic to send reset password link
sendResetPasswordEmail(req.body.email, token);
@@ -111,15 +118,33 @@ router.post("/checkemail", async (req, res, next) => {
}
});
-router.get("/resetpassword/:token", async (req, res, next) => {
- //pass token to reset password page
-
-});
//reset password
-router.post("/resetpassword", async (req, res, next) => {
+router.post("/resetpassword/:token", async (req, res, next) => {
+ console.log(req.body);
+ console.log(req.params.token);
+
+ //if token is valid
+ let tokenRes = await checkTokenByrowID(req.params.token);
+
+ if (!tokenRes) {
+ let error = new Error("Token not found");
+ error.status = 400;
+ return next(error);
+ }
+ //token is valid and reset password
+ else{
+ let Res = await resetPass(tokenRes.userid, req.body);
+ if (!Res) return false;
+ else{
+ res.json({
+ message: "Password reset successfully",
+ });
+ tokenRes.destroy();
+ }
+ }
+
});
module.exports = router;
-
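Review bot: The two `console.log` calls at the top of the new `POST /resetpassword/:token` handler write the user's new plaintext password (`req.body`) and the live reset token (`req.params.token`) to the server log, and both should be removed. The handler also has no `try/catch`, unlike the GET route added in `routes/render.js`, so a rejection from `checkTokenByrowID` or `resetPass` is never passed to `next`. `if (!Res) return false;` ends the handler without sending a response, which leaves the request hanging. `tokenRes.destroy()` runs un-awaited after the success response, so a failed delete leaves a token that can be reused until it expires. A rewritten handler that addresses these points follows.

```javascript
router.post("/resetpassword/:token", async (req, res, next) => {
  try {
    // Do not log req.body or req.params.token: both are credentials.
    const tokenRes = await checkTokenByrowID(req.params.token);
    if (!tokenRes) {
      // … unchanged: build the 400 "Token not found" error and return next(error) …
    }

    const updated = await resetPass(tokenRes.userid, req.body);
    if (!updated) {
      const error = new Error("Password reset failed");
      error.status = 500;
      return next(error);
    }

    // Consume the token before replying so it cannot be used a second time.
    await tokenRes.destroy();
    res.json({ message: "Password reset successfully" });
  } catch (error) {
    next(error);
  }
});
```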
diff --git a/consumerWebsite/routes/render.js b/consumerWebsite/routes/render.js
index a892814..9b0bac0 100644
--- a/consumerWebsite/routes/render.js
+++ b/consumerWebsite/routes/render.js
@@ -1,4 +1,5 @@
"use strict";
+const { checkTokenByrowID } = require("../functions/api");
var router = require("express").Router();
@@ -33,7 +34,7 @@ router.get("/forgotpassword", function (req, res, next) {
res.render("forgotpassword");
});
-//resetted password page
+//resetting password page
router.get("/resetpassword", function (req, res, next) {
res.render("resetpassword");
});
@@ -63,4 +64,31 @@ router.get("/sensor-data", function (req, res, next) {
res.render("sensor-data");
});
+//reset password page
+router.get("/resetpassword/:token", async (req, res, next) => {
+ try{
+ //pass token to reset password page
+ //console.log(req.params.token);
+
+ //check if token is valid
+ let tokenRes = await checkTokenByrowID(req.params.token);
+
+ if (!tokenRes) {
+ let error = new Error("Token not found");
+ error.status = 400;
+ return next(error);
+ }
+ else {
+ let token = req.params.token;
+ console.log(token);
+ res.render("resetpassword", { token: token });
+ }
+
+ }catch(error){
+ console.error(error);
+ next(error);
+ }
+});
+
+
module.exports = router;
\ No newline at end of file
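Review bot: `console.log(token);` in the new `GET /resetpassword/:token` route writes a still-valid reset token to the server log, where anyone with log access can read it; remove the line. Because the token travels in the URL path, the rendered page should also keep it out of referrers and caches, for example `res.set("Referrer-Policy", "no-referrer");` and `res.set("Cache-Control", "no-store");` before `res.render(...)`. The `resetpassword.ejs` template is not visible here; confirm it outputs `token` with the escaping tag `<%= %>` rather than `<%- %>`, since the value comes straight from the request path.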
diff --git a/consumerWebsite/views/bot.ejs b/consumerWebsite/views/bot.ejs
index 4bb9f93..ac8308c 100644
--- a/consumerWebsite/views/bot.ejs
+++ b/consumerWebsite/views/bot.ejs
@@ -81,7 +81,7 @@
-
+